Wrap-around Error
ID: 128 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
Wrap around errors occur whenever a value is incremented past
the maximum value for its type and therefore "wraps around" to a very small,
negative, or undefined value.
Likelihood of Exploit: Medium
Applicable Platforms
Language: C (Often)
Language: C++ (Often)
Time Of Introduction
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Availability | DoS: crash / exit / restart; DoS: resource consumption (CPU); DoS: resource consumption (memory); DoS: instability | This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high. |
Integrity | Modify memory | If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur. |
Confidentiality; Availability; Access_Control | Execute unauthorized code or commands; Bypass protection mechanism | This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy. |
Detection Methods None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
 | | Requirements specification: The choice could be made to use a language that is not susceptible to these issues. | | |
Architecture and Design | | Provide clear upper and lower bounds on the scale of any protocols designed. | | |
Implementation | | Place sanity checks on all incremented variables to ensure that they remain within reasonable bounds. | | |
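Added example (not part of this entry or its demonstrative code): the Implementation mitigation above, applied in C to a table-size computation and to a signed counter. The names img_t, MAX_IMAGES and the helper functions are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record type and upper bound; both are assumptions. */
typedef struct { unsigned char pixels[10 * 1024]; } img_t;
#define MAX_IMAGES 4096u

/* Unchecked: size_t arithmetic wraps modulo 2^N, so a large count
 * produces a small byte total and an undersized table. */
static size_t table_bytes_unchecked(size_t count) {
    return count * sizeof(img_t);
}

/* Checked: validate the count before multiplying, against the design
 * bound and against what size_t can represent (the second test stays
 * correct if MAX_IMAGES or sizeof(img_t) later grows). */
static bool table_bytes_checked(size_t count, size_t *out) {
    if (count == 0 || count > MAX_IMAGES) return false;
    if (count > SIZE_MAX / sizeof(img_t)) return false;
    *out = count * sizeof(img_t);
    return true;
}

/* Checked increment of a signed counter: compare with INT_MAX first,
 * because signed overflow is undefined behaviour in C. */
static bool checked_inc(int *v) {
    if (*v == INT_MAX) return false;
    ++*v;
    return true;
}

/* Allocate the table only when the size computation cannot wrap. */
static img_t *alloc_table(size_t count) {
    size_t bytes;
    if (!table_bytes_checked(count, &bytes)) return NULL;
    return malloc(bytes);
}

int main(void) {
    size_t huge = SIZE_MAX / sizeof(img_t) + 1;   /* constructed input */
    int n = INT_MAX;
    img_t *t = alloc_table(16);
    int ok = t != NULL && alloc_table(huge) == NULL && !checked_inc(&n)
             && table_bytes_unchecked(huge) < sizeof(img_t);
    free(t);
    return ok ? 0 : 1;
}
```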
Relationships
The relationship between overflow and wrap-around needs to be examined
more closely, since several entries (including CWE-190) are closely
related.
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-128 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following image processing code allocates a table for
images. (Demonstrative Example Id DX-33)
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
CLASP | | Wrap-around error | |
CERT C Secure Coding | MEM07-C | Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t | |
CERT C++ Secure Coding | MEM07-CPP | Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t | |